Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e60f23-be66-4548-b085-2c760816595d/1/rNXjPf9V32J01yL-58B_n6DNjgQ.roa
File:                     rNXjPf9V32J01yL-58B_n6DNjgQ.roa (raw, json)
Hash identifier:          PEq9Omnh79RBbn0LSfDVck2sfJyksTHvuNmZxn5G/z8=
Subject key identifier:   AC:D5:E3:3D:FF:55:DF:62:74:D7:22:FE:E7:C0:7F:9F:A0:CD:8E:04
Certificate issuer:       /CN=24da068248f684a5ae5d979c96782bda2619a664
Certificate serial:       019E853C11BE3763B1B4D3103DFBEF51C153
Authority key identifier: 24:DA:06:82:48:F6:84:A5:AE:5D:97:9C:96:78:2B:DA:26:19:A6:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JNoGgkj2hKWuXZeclngr2iYZpmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e60f23-be66-4548-b085-2c760816595d/1/rNXjPf9V32J01yL-58B_n6DNjgQ.roa
Signing time:             Mon 01 Jun 2026 22:09:26 +0000
ROA not before:           Mon 01 Jun 2026 22:09:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     22616
IP address blocks:        2a01:940:1::/48 maxlen: 48
                          2a01:940:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e60f23-be66-4548-b085-2c760816595d/1/JNoGgkj2hKWuXZeclngr2iYZpmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e60f23-be66-4548-b085-2c760816595d/1/JNoGgkj2hKWuXZeclngr2iYZpmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JNoGgkj2hKWuXZeclngr2iYZpmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:85:3c:11:be:37:63:b1:b4:d3:10:3d:fb:ef:51:c1:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24da068248f684a5ae5d979c96782bda2619a664
        Validity
            Not Before: Jun  1 22:09:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=acd5e33dff55df6274d722fee7c07f9fa0cd8e04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:36:41:e1:59:24:67:50:20:ea:63:24:5f:1c:
                    b3:7e:58:c3:95:d2:d0:36:c1:c9:0f:11:86:0a:0f:
                    34:6c:36:66:7f:68:26:91:a1:7f:52:43:10:cb:31:
                    c6:51:41:9d:82:3a:db:8d:ce:c9:e2:0e:4f:8d:f8:
                    48:5a:99:6d:7e:9a:c5:0c:b5:b3:19:c4:bf:0d:65:
                    10:1d:af:34:b2:b0:ca:42:37:08:49:8e:99:ef:b4:
                    59:66:f1:0a:1e:fc:34:e1:1f:5e:9a:87:30:8c:dd:
                    77:06:6e:07:f0:e8:02:d7:50:88:b0:75:8b:42:92:
                    7a:bf:63:db:60:ae:00:b7:ef:47:ea:47:89:7f:d6:
                    01:35:40:7a:5d:29:20:3f:4a:92:7f:e5:5e:12:61:
                    2a:e6:e7:64:4c:57:a4:05:fa:75:05:d1:44:e3:07:
                    48:68:94:86:0a:5b:37:cc:da:58:79:2d:76:2e:67:
                    75:4a:a8:4b:30:75:6b:e4:f2:b4:83:83:77:15:e1:
                    31:02:a0:24:44:3e:38:7d:3e:bb:01:be:89:a3:fa:
                    d8:8c:04:2a:75:5e:24:fb:47:dd:16:80:1a:5f:47:
                    86:fb:d8:29:0e:c6:04:36:3b:15:4f:9e:ce:8d:48:
                    ed:fa:67:83:04:93:18:58:df:0a:18:fc:a1:69:b3:
                    35:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:D5:E3:3D:FF:55:DF:62:74:D7:22:FE:E7:C0:7F:9F:A0:CD:8E:04
            X509v3 Authority Key Identifier:
                keyid:24:DA:06:82:48:F6:84:A5:AE:5D:97:9C:96:78:2B:DA:26:19:A6:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JNoGgkj2hKWuXZeclngr2iYZpmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e60f23-be66-4548-b085-2c760816595d/1/rNXjPf9V32J01yL-58B_n6DNjgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e60f23-be66-4548-b085-2c760816595d/1/JNoGgkj2hKWuXZeclngr2iYZpmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:940:1::-2a01:940:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         a1:1f:58:bf:9f:30:f6:50:45:62:ab:92:fe:3c:46:cf:62:c0:
         70:f1:70:71:68:df:d0:75:ba:c8:a2:11:61:fe:88:c2:68:d2:
         4a:74:27:16:72:57:e2:f1:e3:89:77:cc:ad:a8:6e:a1:bd:2a:
         24:db:47:c5:66:8b:7e:e5:e9:c6:d1:ab:4d:f7:85:75:af:74:
         40:8c:53:28:c9:26:92:c4:88:c6:c5:4d:ed:cf:10:c8:1f:14:
         05:ba:fd:48:3c:b6:a0:ee:9c:bc:a8:2b:93:b1:f7:44:6b:58:
         12:ac:22:fb:db:ec:7f:69:a8:7e:4f:61:64:03:55:ee:e7:aa:
         68:e2:ed:1b:41:a0:30:51:61:91:d2:24:58:33:de:26:51:dd:
         4a:76:ab:65:4f:a6:b5:0b:40:e5:d7:a9:56:75:a2:41:24:fb:
         10:59:c3:05:f9:87:7c:f6:ca:9b:df:53:b9:38:60:e8:e9:00:
         de:33:3e:fc:48:9c:16:b3:5e:ea:2e:56:91:8b:2f:02:cb:2b:
         8b:4d:fb:50:f8:9c:f6:4a:26:72:ba:6e:8a:0c:d5:b0:ae:ca:
         46:65:da:4d:d0:20:ea:0e:46:a0:dc:72:bf:ff:4f:07:a0:db:
         b4:f8:11:0d:8e:78:24:b1:ce:27:6d:54:06:5b:9e:ab:75:2d:
         a6:17:80:35
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ6FPBG+N2OxtNMQPfvvUcFTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0ZGEwNjgyNDhmNjg0YTVhZTVkOTc5Yzk2NzgyYmRhMjYx
OWE2NjQwHhcNMjYwNjAxMjIwOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2Q1ZTMzZGZmNTVkZjYyNzRkNzIyZmVlN2MwN2Y5ZmEwY2Q4ZTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0zZB4VkkZ1Ag6mMkXxyzfljDldLQ
NsHJDxGGCg80bDZmf2gmkaF/UkMQyzHGUUGdgjrbjc7J4g5PjfhIWpltfprFDLWz
GcS/DWUQHa80srDKQjcISY6Z77RZZvEKHvw04R9emocwjN13Bm4H8OgC11CIsHWL
QpJ6v2PbYK4At+9H6keJf9YBNUB6XSkgP0qSf+VeEmEq5udkTFekBfp1BdFE4wdI
aJSGCls3zNpYeS12Lmd1SqhLMHVr5PK0g4N3FeExAqAkRD44fT67Ab6Jo/rYjAQq
dV4k+0fdFoAaX0eG+9gpDsYENjsVT57OjUjt+meDBJMYWN8KGPyhabM1zQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKzV4z3/Vd9idNci/ufAf5+gzY4EMB8GA1UdIwQY
MBaAFCTaBoJI9oSlrl2XnJZ4K9omGaZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSk5vR2drajJoS1d1WFplY2xuZ3IyaVlacG1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lNjBmMjMtYmU2Ni00NTQ4LWIwODUt
MmM3NjA4MTY1OTVkLzEvck5YalBmOVYzMkowMXlMLTU4Ql9uNkROamdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lNjBmMjMtYmU2Ni00NTQ4LWIwODUtMmM3NjA4MTY1OTVk
LzEvSk5vR2drajJoS1d1WFplY2xuZ3IyaVlacG1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqAQlA
AAEDBwAqAQlAAAIwDQYJKoZIhvcNAQELBQADggEBAKEfWL+fMPZQRWKrkv48Rs9i
wHDxcHFo39B1usiiEWH+iMJo0kp0JxZyV+Lx44l3zK2obqG9KiTbR8Vmi37l6cbR
q033hXWvdECMUyjJJpLEiMbFTe3PEMgfFAW6/Ug8tqDunLyoK5Ox90RrWBKsIvvb
7H9pqH5PYWQDVe7nqmji7RtBoDBRYZHSJFgz3iZR3Up2q2VPprULQOXXqVZ1okEk
+xBZwwX5h3z2ypvfU7k4YOjpAN4zPvxInBazXuouVpGLLwLLK4tN+1D4nPZKJnK6
booM1bCuykZl2k3QIOoORqDccr//Tweg27T4EQ2OeCSxzidtVAZbnqt1LaYXgDU=
-----END CERTIFICATE-----